I have Cisco Secure ACS installed on Windows2000 Server.I have tried using the same for TACACS+ Server wherein on a router Ihave made the entries such as under.
aaa new-model aaa authentication login group1 group tacacs+ aaa authentication ppp default group tacacs+ aaa authentication ppp group1 group tacacs+ tacacs-server host 129.1.0.42 tacacs-server key ciscosecure With a user xyz created on Ciscosecure I am able to logon to router,but the authorisation does not takes place.I have already put necessary commands on router as under. aaa authorization config-commands aaa authorization commands 1 group1 if-uthenticated group tacacs+ aaa authorization commands 2 default if-authenticated aaa authorization network group1 if-authenticated group tacacs+ On Ciscosecure ACS I tried under user setup, for user xyz , in Advanced TACACS+ settings /TACACS ENABLE PASSWORD Use Tacacs enable password selected ,but it does not accept this enable password. Also in Tacacs+ settings under shell command authorisation ,using per user command authorisation and assigning the command (configure for example ) with necessary arguments( deny terminal for example )I shouls have not been allowed to enter into config mode. But it allows me ( user XYZ ) to enter into config mode. What could have been the problem .Can someone guide me ? In short the authentication part is working but not authorisation . Thanks in advance. Piyush ________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56276&t=56276 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]